The current health crisis has prompted many people to reassess their career options. Promising careers in offline retail don’t seem that promising anymore, and it’s obvious to everyone that the way people work is changing forever.
In any major changes like the ones we are seeing at the moment, there will be winners and losers in the business world. While offline retail is suffering, online retail is booming, and as the move to more people working from home accelerates, career opportunities for those that safeguard the data they work with and share has grown massively.
In fact, it has been reported that there will be a shortfall of around 3.5 million jobs in one particular field in the next 12 to 18 months, which would also indicate that this would be a good field in which to develop a career.
That field is cybersecurity, which is something almost everybody has heard of, but very few people know what it is, or how important to our everyday lives it has now become.
Cybersecurity is not just something done by geeky-looking types with a cybersecurity masters qualification protecting the mission-critical data of some huge IT corporation.
If you are thinking of making the move into this field yourself, there are some things you should know, starting with the basics.
What is cybersecurity?
First things first. Cybersecurity reaches way beyond stereotypical images of nerds furiously typing away and the log-in you use for work or to get into your Amazon account or the software on whatever device you happen to be reading this on.
In a nutshell, cybersecurity is the protection of online data from theft, alteration, deletion, or destruction. This means it applies as much to you opening an email as it does to those working in an IT corporation, as we are all targets of cybercrime.
The types of threat (or more appropriately cyberthreats) are varied, and those will be looked at next, however, the concept of cybersecurity covers not only the data but the hardware and software that uses it.
The importance of this has been brought into a sharp perspective as a lot of the office-based workers who used data in a relatively controlled workplace, are now working remotely, which is a far less controlled environment, and sending and receiving more data than before over a variety of networks.
You don’t have to have a cybersecurity masters qualification to see the problems here, and hackers are not blind to the opportunity either. This means that cyberthreats and cyberattacks are becoming more and more sophisticated and adding to the list of things we have to be wary of when we go online.
What are the different types of cyberthreat?
A threat you might already be familiar with is a denial of service attack, where a company’s server is bombarded with so much information that it all but shuts down. Events like these make the news but do not involve the theft of any data. Rather, these are designed to cripple a competing business, or more likely cost a large corporate entity revenue by impacting its ability to make money.
This is usually meant as some form of protest and can be equated more to vandalism than theft. In such circumstances, it can take professionals with a cybersecurity masters certification to resolve the issue.
The most common threats are those that are designed and deployed with the intent of stealing data. An example of this type of threat is the ‘man in the middle’ technique’, where messages are intercepted so that systems think they are communicating with each other but instead sending data to an attacker, who then exploits it themselves or sells it on for others to use.
There doesn’t always have to be a man in the middle, sometimes it can be somebody on the inside, instead. This occurs when the threat is ably assisted by a willing employee or disgruntled customer. Attacks such as these can be more damaging and harder to detect as these individuals would normally exist within that business’ circle of trust and can go on for long periods without being discovered.
By contrast, there are other threats where the human is an unwitting part of the problem. These come under the wide umbrella of ‘social engineering’ and rely, to some extent, on the gullibility, naivety, inexperience, or greed of the target.
Threats that use social engineering
Activities that trigger this type of threat involve doing things like leaving an infected flash drive somewhere the target will find it, making it look like it has been lost so the target then pops it into their computer to see who it belongs to or what is on it, and in doing so lets a virus into the system.
The alternative action would be for the intended target to give it to a member of the cybersecurity team, ideally one with a cybersecurity masters certification to check over first.
Equally direct is the technique of playing on the fears of the target, by repeatedly sending them information telling them that their device is infected, so they download the malware thinking it is the solution. Often the target is none the wiser as the alerts that told them their device was infected have now stopped.
Again the target should have alerted a member of the cybersecurity team, ideally one with a cybersecurity masters certification as soon as the first of these false alarms occurred.
Just as devious is ‘pretexting’ where the target is approached online by a hacker pretending to be a colleague and gaining personal information over the course of several interactions that could then be used to access data.
While you may not have heard of any of those techniques, these next two you will almost certainly have heard of and you may have been the subject of these attacks yourself.
The first of these is phishing. This is when you receive an email or message (usually by text) from a company you have dealings with, informing you of a problem with your account or card details, often worded in such a way to stoke panic and make you act without thinking.
The purpose is to get you to click through to a website to either login or re-enter your card details, which are then harvested and used, or sold on. These do not often work, however, as they are typically clumsy efforts, with old logos or unconvincing wording sent en-masse to thousands of people including many who don’t have accounts with the company in question.
However, this type of cyber threat can sometimes be tailored to a specific handful of customers or just one company. These are far more sophisticated than normal phishing emails, as they often contain information that is more detailed and specific and therefore much harder to detect. This particular type of threat is known as spear phishing.
The most familiar threat though, is from malware, which has been around in one form or another for decades. You will have most likely have seen it arrive as part of an email, or a link at the bottom of an otherwise innocent-looking communication.
These are usually easily spotted and even the most basic of devices has software to detect this type of threat. But, this is not always the case with ransomware whereby a cyber attack will lock or disable your device or system using encryption unless a ransom is paid, with the additional threat to erase the affected data if the ransom is not paid.
What does cybersecurity do to combat these threats?
These threats are combated by an effective cybersecurity strategy. This will cover a range of areas that all have to work together for it to be fit for purpose, with even the smallest chink in the armor exploited by hackers.
This includes securing the network and the applications that run upon it, the physical security of that data, and educating the weakest link in the chain, the end-user. You have already seen how many of the cyber threats rely on human intervention to trigger them, so one of the biggest tasks is making sure that the users of the network are aware of their responsibility in keeping data safe.
Such training would ideally be carried out by a professional with a cybersecurity masters qualification, as they are in the best position to illustrate these threats and the countermeasures that can be taken. This can be a costly part of a cybersecurity strategy, however, but not as costly as having inadequate or non-existent cybersecurity.
Cybersecurity needs to evolve at the same pace as the hackers that threaten it, which means that reactive responses aren’t nearly as effective as they were previously. Once a data breach has been detected, it is often too late, so real-time assessments are running constantly to try and stop them from happening.
Of course, this approach is more labor-intensive and despite some of it being automated, the need for qualified cybersecurity personnel, ideally those with a cybersecurity masters certification is greater than ever.
An effective cybersecurity strategy has other benefits as well as deterring attacks. With the reliance on the storage of data not being limited to just IT-based companies, the need for effective cybersecurity has become universal. Therefore, if a business can show it is compliant and secure, it is more likely to attract business than one that can’t demonstrate it operates securely online.
For instance, if you had a choice between two similar subscription services and one had regular data breaches and the other had never had one, which would you be more likely to give your card details to?
So, we have established many reasons why cybersecurity is so important, and the need for qualified cybersecurity personnel to thwart the many threats that have been listed. The next thing to be addressed is the career opportunities in this particular field.
A career in cybersecurity
The urgent need for cybersecurity-qualified personnel in a variety of roles has outstripped demand and that demand is set to increase with the increasing sophistication of cyber threats and the increase in data being accessed remotely.
There are numerous vacancies across the entire spectrum of cybersecurity roles, including CISO (chief information security officer), CSO (chief security officer), security engineers and security architects as well as security analysts who together analyze test, and audit security systems.
Other roles include the wonderfully named ethical hackers and threat hunters who look for ways past cybersecurity measures. There are also often more vacancies than applicants for positions as security consultants, data protection officers, cloud security architects, cryptographers, and security administrators.
This wide range of vacancies is a strong indicator that cybersecurity is an in-demand field and that a move into cybersecurity can offer an above-average salary and also long-term job security.
However, you are unable to walk in off of the street and land one of these top jobs. Like all other professions, the more in-demand and higher paid roles will go to the most qualified applicants
Those with ambitions for one of these roles should seriously consider certification such as a cybersecurity masters, which can be completed in as little as 18 months, entirely online. This can open up a wide range of vacancies in this field, including some of the top jobs.
If you are coming in completely cold there are other courses you can complete initially, that will open the door to a cybersecurity masters and the subsequent positions that you can then apply for.
Indications are that cybercrime will more than triple the number of job openings in cybersecurity over the next five years, which would also point towards long-term job security and opportunities for advancement for those starting a career in cybersecurity during that time. This is backed by the fact that in 2016 unemployment in these roles dropped to 0% and has remained there ever since.
With instances of cybercrime increasing daily, and the comparative lack of qualified personnel to deal with this threat, the role of the cybersecurity professional is becoming more and more important.
As has been established, a career in cybersecurity could be a challenging one. However, those with the correct training and certification such as a cybersecurity masters are ideally placed to deter these threats and cyberattacks.